authorNick Clifton <nickc@redhat.com>2017-06-21 10:54:04 +0100
committerNick Clifton <nickc@redhat.com>2017-06-21 10:54:04 +0100
commitc458d0079cc5e8ff29256355e6532ad2f96a8aa6 (patch)
tree1123be843eef3a6577d0f1093837f4be2d2236b5
parentce49701009db42a9a53e5dcf172a6a211b1025b3 (diff)
Fix address violation when parsing a corrupt IEEE binary.
PR binutils/21633 * ieee.c (ieee_slurp_sections): Check for a NULL return from read_id. (ieee_archive_p): Likewise. (ieee_object_p): Likewise.
-rw-r--r--bfd/ChangeLog8
-rw-r--r--bfd/ieee.c8
2 files changed, 16 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9bc63e1..9e1cb05 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,13 @@
2017-06-21 Nick Clifton <nickc@redhat.com>
+ PR binutils/21633
+ * ieee.c (ieee_slurp_sections): Check for a NULL return from
+ read_id.
+ (ieee_archive_p): Likewise.
+ (ieee_object_p): Likewise.
+
+2017-06-21 Nick Clifton <nickc@redhat.com>
+
PR binutils/21640
* elf.c (setup_group): Zero the group section pointer list after
allocation so that loops can be caught. Check for NULL pointers
diff --git a/bfd/ieee.c b/bfd/ieee.c
index 08d08d4..958a40b 100644
--- a/bfd/ieee.c
+++ b/bfd/ieee.c
@@ -1246,6 +1246,8 @@ ieee_slurp_sections (bfd *abfd)
/* Read section name, use it if non empty. */
name = read_id (&ieee->h);
+ if (name == NULL)
+ return FALSE;
if (name[0])
section->name = name;
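Review bot: The added `return FALSE` after `name == NULL` in ieee_slurp_sections does not set a BFD error itself, so callers get a useful diagnosis only if read_id has already recorded one before returning NULL. read_id is not visible in this hunk, so that should be confirmed; if it can return NULL without setting an error, add `bfd_set_error (bfd_error_bad_value);` before the return. A short comment above the check, such as `/* read_id can return NULL when parsing a corrupt file (PR 21633). */`, would also record why the guard exists. The function body starts and ends outside this hunk, so any state already built up for `section` at this point cannot be reviewed here.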
@@ -1395,6 +1397,8 @@ ieee_archive_p (bfd *abfd)
(void) next_byte (&(ieee->h));
library = read_id (&(ieee->h));
+ if (library == NULL)
+ goto got_wrong_format_error;
if (strcmp (library, "LIBRARY") != 0)
goto got_wrong_format_error;
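Review bot: Routing a NULL from read_id to `got_wrong_format_error` here, and to `got_wrong_format` in both new checks in ieee_object_p, reports every read_id failure as "not this format". If read_id can also fail for a reason unrelated to the file contents, such as an allocation failure (not visible on this page), that error would presumably be replaced at the label and the input quietly skipped during format detection. It is worth checking what the labels do with a pending error, or stating the intent in a comment, e.g. `/* A NULL id means the header is corrupt or could not be read; treat as no match. */`. Both functions extend beyond their hunks.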
@@ -1922,9 +1926,13 @@ ieee_object_p (bfd *abfd)
ieee->section_table_size = 0;
processor = ieee->mb.processor = read_id (&(ieee->h));
+ if (processor == NULL)
+ goto got_wrong_format;
if (strcmp (processor, "LIBRARY") == 0)
goto got_wrong_format;
ieee->mb.module_name = read_id (&(ieee->h));
+ if (ieee->mb.module_name == NULL)
+ goto got_wrong_format;
if (abfd->filename == (const char *) NULL)
abfd->filename = xstrdup (ieee->mb.module_name);